​FBI inches towards expanded hacking powers

Federal investigators are now one stop closer to having the authority to spy on faraway servers following the advancement of a proposed rule change that could expand certain law enforcement powers this week.

On Monday, the Judicial
Conference Advisory Committee on Criminal Rules voted 11-1 in
favor of updating “Rule 41,” a provision that currently limits
courts to granting search warrants only within certain
geographical bounds. Under the proposed changes, however, judges
would be able to approve warrants for remote searches of
computers outside of their district, or in instances where the
location is not known, widely expanding the Federal Bureau of
Investigation’s reach when it comes to targeting suspected
cybercriminals.

Tech giant Google warned earlier this year that the Department of
Justice’s proposed change “raises a number of monumental and
highly complex constitutional, legal and geopolitical concerns
that should be left to Congress to decide” because it would
let the FBI hack computer servers regardless of their
geographical location.

Richard Salgado, Google’s director of law enforcement and
information security, said previously that the proposal
“invariably expands the scope of law enforcement searches,
weakens the Fourth Amendment’s particularity and notice
requirements, opens the door to potentially unreasonable searches
and seizures and expands the practice of covert entry
warrants.”

The passage of the rule change would mean the government “may
use ‘remote access to search and seize or copy electronically
stored data,” Salgado said. But because “remote
access” isn’t defined, he warned, adoption of the proposal
could mean that FBI agents in any part of the country may soon be
authorized to target and infect servers elsewhere, including
abroad, for the sake of compromising a computer to conduct
surveillance.

Deputy Assistant Attorney General David Bitkower countered
critics when word of the proposed change made headlines earlier
this year and insisted “the proposal would not authorize the
government to undertake any search or seizure or use any remote
search technique not already permitted under current law.”
Others disagree, however, including Chris Soghoian– the American
Civil Liberties Union’s chief technology – who said that “the
government is seeking a troubling expansion of its power to
surreptitiously hack into computers, including using malware,”
adding, “Although this proposal is cloaked in the garb
of a minor procedural update, in reality it would be a major and
substantive change that would be better addressed by
Congress.”

Nathan Freed Wessler, an attorney with ACLU, told the National Journal this week that he agreed
that the proposed update “threatens to expand the
government's ability to use malware and so-called ‘zero-day
exploits’ without imposing necessary protections,” and
“fails to strike the right balance between safeguarding
privacy and Internet security and allowing the government to
investigate crimes."

But according to Dustin Volz, the journal article which broke
news of Monday’s vote, any update to Rule 41 would still be a
long time coming: although the proposal nearly unanimously passed
the Judicial Conference Advisory Committee on Criminal Rules, it
still has to be approved by the Standing Committee on Rules of
Practice and Procedure, likely during a June meeting, then the
full Judicial Conference and eventually the Supreme Court of the
United States; according to Volz, SCOTUS would have until May
2016 to accept the proposal, and it would be put on the rule
books later that year pending any possible interference from
Congress.